Splunk transforms machine-generated data into valuable insights that can help make your business more productive, profitable and secure. The following guide will walk you through this integration.
From the VictorOps web portal, select Settings, then Alert Behavior, then Integrations.
Select the Splunk, Inc integration option.
Copy the API key from the “Service API Endpoint” field to the clipboard (this is the section after “…/alert/” and before “/$routing_key”).
Go to the “SplunkBase” website, search for “VictorOps”, then select VictorOps For Splunk.
Accept the terms and conditions, then click Agree to Download.
Follow the installation instructions, then click OK.
From the Splunk web interface, click the Settings Icon next to Apps.
Select Install app from file.
Select the VictorOps App file and select Upload.
Enter the API key from the “In VictorOps” section in the “API Key” field, enter an appropriate route in the “Routing Key” field, then click Save.
VictorOps can now be used as an “Alert Action”.
Here is an example of setting up a new alert based on a search. From a New search select Save As, then select Alert.
Enter the title you want in the “Title” field, then select Real-time for “Alert type”, then click + Add Actions.
Select the “Message Type” you want, then enter a “State Message”, then click Save. The state message field is configurable and can use Splunk tokens to pass through dynamic information.
Now, when that search is matched, an alert will come into VictorOps.
You have completed setting up this integration. If you have any questions, please contact VictorOps support.
Modifying the Application
Advanced users may wish to modify some of the finer details of the application. Although the out-of-the-box configuration is recommended, technically savvy users can find the Python script that executes the alert request to VictorOps under $SPLUNK_HOME/etc/apps/victorops_app/bin/victorops.py.